6 matches found
Code injection
curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2039)
the CURL module lacked checks for control characters CVE-2006-2563 - strrepeat contained an integer overflow - ext/wddx contained a buffer overflow - memorylimit lacked checks for integer overflows - a bug in sscanf could potentially be exploited to execute arbitrary code CVE-2006-4020 - an...
SUSE-SA:2006:052: php4,php5
The remote host is missing the patch for the advisory SUSE-SA:2006:052 php4,php5. Various security problems have been fixed in the PHP script language engine and its modules, versions 4 and 5. The PHP4 updated packages were released on September 12, the PHP5 update packages were released on...
cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4 Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 15.5.2006 - -Public: 27.5.2006 from SECURITYREASON.COM CVE-2006-2563 - --- 0.Description --- PHP is an HTML-embedded scripting language. Much of its...
CVE-2006-2563
The cURL library libcurl in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters...
CVE-2006-2563
The connected sources provide concrete details for CVE-2006-2563 and related entries: libcurl used by PHP (PHP 4.4.2 and 5.1.4 per CVE-2006-2563) can bypass safe_mode and open_basedir restrictions when a file:// URL containing a null character is processed, allowing reading of restricted files. T...